<!doctype html>
<html>
<head>
  <title>测试</title>
  <meta charset="utf8">
</head>
<body>
  <pre id="result"></pre>
</body>
</html>
<script src="xss.js"></script>
<script>
var code = '<script>alert("xss");</' + 'script>';
document.querySelector('#result').innerText = code + '\n被转换成了\n' + filterXSS(code);
</script>